Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hard-coded vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2018-10578
An issue exists on WatchGuard AP100, AP102, and AP200 devices with firmware prior to 1.2.9.15, and AP300 devices with firmware prior to 2.0.0.10. Incorrect validation of the "old password" field in the change password form allows an malicious user to bypass validation o...
Watchguard Ap200 Firmware
Watchguard Ap102 Firmware
Watchguard Ap100 Firmware
Watchguard Ap300 Firmware
1000
VMScore
CVE-2009-3710
RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote malicious users to gain privileges via port 8022.
Riorey Rios 4.7.0
Riorey Rios 4.6.6
1 EDB exploit
890
VMScore
CVE-2019-9493
The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the malicious user to learn the location of...
Mycarcontrols Mycar Controls
445
VMScore
CVE-2019-10920
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an u...
Siemens Logo\\!8 Bm Firmware
NA
CVE-2023-22360
Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and previous versions due to lack of error handling process even when an error was detected. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to informat...
Jtekt Screen Creator Advance 2 0.1.1.4
Jtekt Screen Creator Advance 2
890
VMScore
CVE-2006-4950
Cisco IOS 12.2 up to and including 12.4 prior to 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allow...
Cisco Ios 12.3\\(11\\)t4
Cisco Ios 12.3\\(11\\)t5
Cisco Ios 12.3\\(11\\)yf2
Cisco Ios 12.3\\(11\\)yf3
Cisco Ios 12.3\\(11\\)yr
Cisco Ios 12.3\\(11\\)ys
Cisco Ios 12.3\\(13a\\)
Cisco Ios 12.3\\(13a\\)bc
Cisco Ios 12.3\\(14\\)ym4
Cisco Ios 12.3\\(14\\)yq
Cisco Ios 12.3\\(15\\)
Cisco Ios 12.3\\(15b\\)
Cisco Ios 12.3\\(2\\)t3
Cisco Ios 12.3\\(2\\)t8
Cisco Ios 12.3\\(2\\)xe3
Cisco Ios 12.3\\(2\\)xe4
Cisco Ios 12.3\\(4\\)t1
Cisco Ios 12.3\\(4\\)t2
Cisco Ios 12.3\\(4\\)xd2
Cisco Ios 12.3\\(4\\)xe4
Cisco Ios 12.3\\(4\\)xk1
Cisco Ios 12.3\\(4\\)xk3
294
VMScore
CVE-2013-4866
The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, which allows physically proximate malicious users to trigger physical resource consumption (water or heat) or user discomfort.
Lixil My Satis Genius Toilet -
755
VMScore
CVE-2001-0839
ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote malicious users to modify account information in the .htpasswd file via brute force password guessing.
Ibill Internet Billing Company Processing Plus
1 EDB exploit
465
VMScore
CVE-2005-2898
NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local user...
Filezilla Filezilla 2.2.15
Filezilla Filezilla 2.2.14b
1 EDB exploit
890
VMScore
CVE-2015-8362
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices prior to 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote malicious users to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-20...
Harman Amx Firmware 1.2.322
Harman Amx Firmware 1.3.100
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »